Just merge the directive values:
script-src 'self' 'unsafe-eval' https://connect.facebook.net; object-src 'self'
문제
"GOOGLE EXTENSION WEB APP"
Drives me nuts.
I can't manage to have unsafe-eval and remote script both working.
I can have unsafe eval but the remove script doesn't work. And vice verso.
What failed:
Eval and Remote
"content_security_policy": "script-src https://connect.facebook.net 'unsafe-eval'; object-src 'self' "
What works:
Only Remote
"content_security_policy": "script-src 'self' https://connect.facebook.net; object-src 'self' "
Only Eval
"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self' "
How to have both ?
해결책
Just merge the directive values:
script-src 'self' 'unsafe-eval' https://connect.facebook.net; object-src 'self'